Open weekens opened 6 years ago
It's just a general question that came to my mind: with deploying actors on remote hosts you are actually injecting code to be run with node-process privileges on that machine. How is comedy-node secured against hostile injection? is it enough to connect to default port and just say "hello, it's my, your friend, just get my code and run"? any tunneling, handshake? No mentions about this in the docs...
@108adams, the authentication feature for remote actors is not yet there, so yes, hostile injection is possible. Remote actors feature is intended for private networks where comedy-node
port is not exposed to public Internet.
When launching remote actor for testing purposes, it's often convenient to specify SSH credentials rather than deploying comedy-node on remote machine by hand. Comedy should support this.